package spring.security.oauth2.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * @description:
 * @author: chenzekai
 * @create: 2020/05/19
 **/
@Configuration
@EnableResourceServer
public class KikiResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("kiki");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {


        http
                .requestMatchers()
                .antMatchers("/user/**")
                .and()
                .authorizeRequests()
                .antMatchers("/user/getHead").access("#oauth2.hasScope('head')")
                .antMatchers("/user/getName").access("#oauth2.hasScope('name')")
                .antMatchers("/user/getPhone").access("#oauth2.hasScope('phone')")

                .and()
                .requestMatchers()
                .antMatchers("/kong/**","/kiki/**")
                .and()
                .authorizeRequests()
                .antMatchers("/kong/**").hasRole("user")
                .antMatchers("/kiki/hello/read").access("#oauth2.hasScope('read') and #oauth2.clientHasRole('admin')")
                .antMatchers("/kiki/hello/write").access("#oauth2.hasScope('write') and #oauth2.clientHasRole('admin')");





//        http.csrf()
//                .disable()
//                .authorizeRequests()
//                .antMatchers("/oauth/**", "/login/**", "/logout/**").permitAll()
//                .and()
//                .formLogin()
//                .permitAll()
//                .and()
//                .authorizeRequests()
//                .antMatchers("/kong/**").access("#oauth2.hasScope('select')")
//                .antMatchers("/kiki/**").hasRole("admin")
//                .antMatchers("/user/getHead").access("#oauth2.hasScope('head')")
//                .antMatchers("/user/getName").access("#oauth2.hasScope('name')")
//                .antMatchers("/user/getPhone").access("#oauth2.hasScope('phone')");
//        http
//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
//                .and()
//                .requestMatchers().anyRequest()
//                .and()
//                .anonymous()
//                .and()
//                .authorizeRequests()
//                .antMatchers("/kong/**").access("#oauth2.hasScope('select')")
//                .antMatchers("/kiki/**").hasRole("admin")
//                .antMatchers("/user/getHead").access("#oauth2.hasScope('head')")
//                .antMatchers("/user/getName").access("#oauth2.hasScope('name')")
//                .antMatchers("/user/getPhone").access("#oauth2.hasScope('phone')");


    }
}
